Military Embedded Systems

The evolution and modernization of military command posts


October 08, 2024

Dominic Perez

Curtiss-Wright

Photo credit: U.S. Army/Sam Brooks.

The need to enable rapid deployment capabilities for the warfighter is driving increased demand for resilient and secure communication systems in dynamic environments. Recent conflicts in Ukraine and elsewhere have reinforced what U.S. Department of Defense leaders have known for several years: that command posts have to be mobile to be survivable. They must be distributed over different areas and be able to set up rapidly for information-sharing and decision support without putting the post in jeopardy as an easily identifiable target on a map. The opportunity now: fielding turnkey, easy-to-use unified network operations that operate optimally on the move in the toughest deployment environments.

In the future, while there will certainly still be some larger fixed-infrastructure command posts, they won’t be located in close proximity to the tactical edge as they were in previous operations. The U.S. military needs to move beyond building and architecting a network that is fixed and must instead build mobile networks. The U.S. Army has been deploying mobile network systems, integrating them into vehicle platforms, and testing and validating their operation on the move, not just on legacy platforms, but on modern and planned platforms as well.

New mobile command posts at the tactical edge will deliver numerous benefits, such as eliminating the need to construct buildings, temporary structures, and tents. Beyond their use on ground-vehicle platforms, the mobile network will work on aviation, naval, and soldier-carried platforms to enable communication, networking, and data processing at the tactical edge while on the move. No longer will command posts need to remain static.

No matter how low the probability of intercept and detection (LPI/LPD), powering electronics up in a static location is like sending up a flare to sophisticated opponents. While adversaries may not be able to decrypt data traffic, they can zero in on the electronic signature from a static command post.

A key impediment to mobility (the rapid setup and teardown of command centers) is cabling. It’s almost a universal law that any network with more than 10 network cables will quickly descend into chaos. While most people have seen pictures of sterile data centers with miles of neatly zip-tied cabling, the secret is that those data centers don’t need to move. At a static data center, when equipment needs to be upgraded or added, it’s done with careful planning and change-control procedures, which is not always possible or practical in less sterile environments.

In deployed operations it’s critical to be able to deal with change rapidly. One example: It’s not unusual at the tactical edge for a commanding officer to order the network operators to get a new system connected ASAP. Unfortunately, changing equipment that is cabled together can rapidly end up with a big tangle of wiring.

This problem is mitigated by using wireless networks. RF-based transport technologies can range from commercial technologies such as 5G and Wi-Fi, to defense-focused technologies like MANET [mobile ad hoc network], microwave, and TRILOS [the Army’s Terrestrial Transmission Line Of Sight radio form factor], or emerging technologies such as 60 GHz. Additionally, wireless technologies can be integrated into a larger software-defined network to create a more resilient network than any single technology could provide on its own.

One significant way to help the U.S. Army and other customers avoid running miles of cabling is to take advantage of the NSA [National Security Agency] Commercial Solutions for Classified (CSfC) program, which is approved to transmit classified information over two layers of commercial encryption. CSfC enables classified information to be transmitted over trusted wired, wireless, and even public networks, which isn’t practical using Type 1 communications security (COMSEC).

In the past, the only option for encryption at the edge was to use expensive and controlled military-grade COMSEC equipment, such as KG-250s and other black-box cryptography. CSfC enables the use of two different commercial encryption solutions, for example, a Cisco VPN that has an Aruba VPN tunneled inside it. CSfC makes it possible to get large numbers of end-user devices up and connected to the network simultaneously – literally in minutes – because numerous hours don’t have to be spent running and terminating cabling. Also, because CSfC uses commercial equipment, coalition partners are able to access these networks without using COMSEC equipment. (Figure 1.)

[Figure 1 | Uniformed and civilian cyber and military intelligence specialists monitor Army networks in the Cyber Mission Unit’s Cyber Operations Center at Fort Gordon. U.S. Department of Defense photo/Michael L. Lewis.]

CSfC also simplifies encryption key management, since it is designed around PKI [public key infrastructure], where the “public” half of the encryption key (often called a certificate) doesn’t have to be protected and the “private” half of the encryption key can easily be remotely revoked in the event of compromise. Long past are the days of reading out preshared keys over Type 1 radios.

CSfC solutions can even incorporate quantum-resistant algorithms from CNSA 2.0, such as CRYSTALS-Kyber, CRYSTALS-Dilithium, and others. Moreover, because it uses commercial equipment, CSfC can reduce equipment costs. It can also, in some cases, support virtualized network devices, which eliminates the need for costly and proprietary government off-the-shelf (GOTS)-only equipment. Lastly, because CSfC hardware isn’t COMSEC, it requires far less handling and fewer security procedures.

When designing networks for mobility, it’s critical to consider size, weight, and power (SWaP) and ruggedization requirements. All equipment that will be fielded for networks on the move at the tactical edge must have some level of ruggedization. It’s also essential to evaluate the environments the equipment will be subjected to and spec things out appropriately. Land, sea, air, space, and personnel-carried equipment all have unique environmental challenges; designing for the worst-case scenario will burden other platforms with additional size and weight.

Platforms subjected to higher levels of vibration and shock, or with the need for watertight equipment, need to ensure modules and chassis are designed to meet the most demanding levels of shock, vibration, and temperature extremes. This extremely rugged hardware is designed for use in demanding environments, such as attack helicopters and ground vehicles that carry munitions, and also includes hardware designed for use in space, where sealing and potential radiation exposure must be considered.

Deploying the right hardware is only the start. That’s because every piece of communications equipment that gets introduced into a system, whether software or hardware, will likely have a different interface. Learning and managing those interfaces can be too much of a burden for the typical soldier. Even in the network-communications industry it’s uncommon to find personnel with experience of more than two or three of these different interfaces.

IQ-Core Software is a simple application that functions as a single pane of glass, meant to be the screen the soldier works in front of daily. The application is completely configurable and uses dashboards that can visualize monitored data in a variety of ways. This network-management tool provides a hierarchical network operations center-type view that enables the user to efficiently manage all network nodes while giving edge operators the local control they require. This paradigm is different than most enterprise tools that manage all assets directly without regard to the amount of bandwidth being used. (Figure 2.)

[Figure 2 | IQ-Core Software network-management tool shown with a user’s custom dashboard highlighting critical device and network status.]

Network management is also important for keeping track of and continuously monitoring network security. Fielding and registering a CSfC solution with the NSA can involve many complexities, especially in managing certificate generation and use. With network-management tools, users can automate the certificate-management process and keep track of certificate expiration dates; an endpoint configuration assistant guides the network manager through the process of generating certificates on end-user devices to fully meet NSA requirements. Additionally, these tools simplify the process of managing VPNs for the user, to ensure they are configured to NSA standards. Automating this process eliminates the need to configure a VPN using the command line or a web interface, which can be a difficult and error-prone task.
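
The certificate tracking described above, together with the revocation point made earlier, can be sketched as follows. This is an added example, not IQ-Core code or anything from the author or vendor; it assumes each endpoint holds one certificate for each of the two encryption layers (labelled `outer` and `inner` here), and the inventory, serial numbers, revocation set and 30-day warning window are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory: one certificate per encryption layer per endpoint.
# Device names, serials and dates are made up for this example.
INVENTORY = [
    {"device": "laptop-01", "layer": "outer", "serial": "0A01", "not_after": "2025-06-01T00:00:00+00:00"},
    {"device": "laptop-01", "layer": "inner", "serial": "0B01", "not_after": "2025-02-01T00:00:00+00:00"},
    {"device": "laptop-02", "layer": "outer", "serial": "0A02", "not_after": "2025-06-01T00:00:00+00:00"},
    {"device": "laptop-02", "layer": "inner", "serial": "0B02", "not_after": "2025-06-01T00:00:00+00:00"},
    {"device": "phone-03", "layer": "outer", "serial": "0A03", "not_after": "2024-12-31T00:00:00+00:00"},
    {"device": "phone-03", "layer": "inner", "serial": "0B03", "not_after": "2025-06-01T00:00:00+00:00"},
    {"device": "tablet-04", "layer": "outer", "serial": "0A04", "not_after": "2025-06-01T00:00:00+00:00"},
    {"device": "tablet-04", "layer": "inner", "serial": "0B04", "not_after": "2025-06-01T00:00:00+00:00"},
]
# Constructed stand-in for revocation lists: (layer, serial) pairs revoked by that layer's CA.
REVOKED = {("inner", "0B02")}
WARN = timedelta(days=30)  # assumed renewal warning window

def cert_status(cert, now):
    """Classify one certificate; revocation outranks expiry, expiry outranks a warning."""
    if (cert["layer"], cert["serial"]) in REVOKED:
        return "revoked"
    not_after = datetime.fromisoformat(cert["not_after"])
    if not_after <= now:
        return "expired"
    if not_after - now <= WARN:
        return "expiring"
    return "ok"

def endpoint_report(inventory, now):
    """Per device: status of each layer, and whether both tunnels can still be built."""
    report = {}
    for cert in inventory:
        entry = report.setdefault(cert["device"], {"layers": {}})
        entry["layers"][cert["layer"]] = cert_status(cert, now)
    for entry in report.values():
        layers = entry["layers"]
        # Both layers need a usable certificate; a missing layer counts as unusable.
        entry["usable"] = all(layers.get(name) in ("ok", "expiring") for name in ("outer", "inner"))
        entry["action_needed"] = len(layers) < 2 or any(s != "ok" for s in layers.values())
    return report

if __name__ == "__main__":
    now = datetime(2025, 1, 15, tzinfo=timezone.utc)
    for device, entry in sorted(endpoint_report(INVENTORY, now).items()):
        print(device, entry)
```

An endpoint is reported as usable only when both layers have a valid certificate, so one expired or revoked certificate on either layer takes the device off the network even though the other layer is healthy.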

The goal is to build seamless solutions that can be used without a high level of network expertise and can be operated using reliable, battlefield-proven hardware. The opportunity is to field turnkey, easy-to-use unified network operations that operate optimally on the move in the toughest deployment environments. The future of the command post at the edge is mobility.

Dominic Perez, CISSP, is the Chief Technical Officer at Curtiss-Wright Defense Solutions and a Curtiss-Wright Technical Fellow. He has been with Curtiss-Wright Defense Solutions for 16 years. Prior to Curtiss-Wright/PacStar, Dominic worked for Biamp where he created automated testing infrastructure for the hardware, firmware, and software powering their network distributed audio, teleconferencing, and paging systems. Dominic studied mechanical engineering and computer science at Oregon State University. He currently holds multiple professional certifications from VMware in Data Center Administration; Cisco in Design, Security, and Routing/Switching; and EC Council and ISC2 in Security.

Curtiss-Wright Defense Solutions • https://www.curtisswrightds.com/